Skip to content

Bump actions/setup-node from 4 to 6#28

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-6
Open

Bump actions/setup-node from 4 to 6#28
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Copy link
Copy Markdown

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 24, 2026
@dependabot dependabot Bot requested a review from alexejsailer as a code owner April 24, 2026 04:45
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 24, 2026
alexejsailer added a commit that referenced this pull request Jul 11, 2026
…main + ignore rules for majors

Applied directly to main (equivalent to or newer than the dependabot PRs, which
auto-close once main satisfies them):
- All four services: spring-boot-starter-parent 3.5.13 -> 3.5.16
- opentelemetry-instrumentation-bom 2.18.1 -> 2.29.0, opentelemetry-semconv
  1.34.0 -> 1.43.0, opentelemetry-sdk-testing 1.52.0 -> 1.63.0 (PRs #36, #13,
  #11, #4, #19, #16, #1, #12, #8, #5)
- wiremock-standalone 3.3.1 -> 3.13.2 (#9, #6), awaitility 4.3.0 (#2)
- mockwebserver 4.12.0 -> 5.3.2: required follow-up — sdk-testing 1.63 pulls
  okhttp-jvm 5.3.2, whose internals break mockwebserver 4.x (NoSuchMethodError
  in TaskRunner); the 5.x artifact keeps the classic okhttp3.mockwebserver API
- cli: form-data 4.0.6 (CRLF injection, GHSA-hmw2-7cc7-3qxx), ollama 0.6.3
  (#21), commander 14 (#25), @anthropic-ai/sdk 0.91 (#22) — tsc + tsup clean
- chat: form-data 4.0.6, grammy 1.44 (#35)
- ci.yml: checkout@v7 (#34), setup-java@v5 (#27), setup-node@v6 (#28),
  upload-artifact@v7 (#26)

Declined via dependabot.yml ignore rules (dependabot closes those PRs on its
next run): Spring Boot 4.x (#33, #17, #14), spring-vault 4 (#32), springdoc 3
(#15), hibernate-validator 9 (#18) — all gated on a deliberate Boot 4
migration; typescript 6 (#23) and @types/node 25 (#24) — blocked by tooling
peer ranges and the Node 22 runtime.

Suites green: gateway 102, executor 186, vault 47, blobstore 50. Remaining
accepted: esbuild low-severity dev-only Windows-only advisory (pinned by tsup).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UEMvAWnBeMFuQjcmpquRQA
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants